martin-white.blogspot.com

SMS'ing is an easy, (fairly) reliable way to get messages to people quickly. Now having a computer program send an SMS could be very handy. Based on the number of "How can I send an SMS from program XYZ..." questions asked in forums, lots of people think so. So I've been thinking of building a set of reusable classes for use in future projects of mine to enable me to inform an admin user when a problem has arisen or send a user information. In spite of lots of people asking these questions, it took me a while to find my answer, especially seeing that I had no idea of how to go about doing it.

There seem to be a few ways of achieving this; some involve using a third party service, like an SMS gateway, others a GSM device connected to a computer. As I don't want to use a subscription service which no doubt would be much easier, I was restricted to using one of my phones connected to my computer. After my initial quick search, I found some code which apparently allowed a program to communicate via a COM port with the phone. That was all good except the phone is connected via a USB port. Hmmmm... It took a while to realize that once the drivers for the phone are installed on the computer, a "virtual COM port" is created which is visible in the device manager in Windows.

So once I got this figured out, I downloaded the smslib code and examples and tried to run it. All I got was an unknown port exception (or something like that). After some more head-scratching, I found that I hadn't installed everything properly. The smslib relies on the commapi which is used to send data to a serial port. This api requires that a dll file and a properties file be placed in the correct folders. With this resolved, the code worked perfectly and I managed to send my first "Hello World" SMS to myself via my connected phone.

In all the searching for that elusive eureka moment I read a lot of information and learnt a few things. An interesting thing relates to the use of AT commands. At first I was totally confused, even though I had seen this relating to modems years ago. Basically, there is a special set of AT commands which, when sent to a modem or phone via the serial port, cause certain desired behavior or return some information. The commands allow a program communicating with a phone to make a call, end a call, send data via GPRS/3G/SMS, get information regarding battery life and many other functions. The exact implementation depends on the phone but it is generally standard. These commands can be easily tested using a utility program like HyperTerminal. So coupled with the AT command specification downloaded from Sony Ericsson for my phone, the commapi library and some imagination I could write a program to control virtually anything on my phone.

So now my final problem is that it seems as though the number of SMS’s sent from a GSM device is restricted to about 6/minute. I will probably have to write a server which allows multiple phones to be connected at the same time that read SMS’s to be sent off a queue. Maybe in the future I’ll expose this as a web service which leads on to the question of authentication and authorization relating to who can send or read SMS’s. Rather than just a side thing, this is turning out to be an interesting project in itself.
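The AT command exchange and the queue-with-several-phones idea described above can be sketched as follows. This is an added example, not code from smslib or from the original post; it builds the standard text-mode sequence (`AT+CMGF=1`, `AT+CMGS`, body terminated by Ctrl-Z) as byte frames without opening a serial port, and the port names, the 160-character ASCII restriction and the function names are assumptions made for illustration.

```python
import re
from collections import deque

CTRL_Z = b"\x1a"      # ends the message body in text mode
MAX_PER_MINUTE = 6    # approximate per-device limit quoted in the post

def build_sms_frames(number, text):
    """Return the byte frames that send one SMS in text mode."""
    # Digits with an optional leading '+' only: a quote or CR in the number
    # would let a caller close the command and append one of their own.
    if not re.fullmatch(r"\+?[0-9]{3,15}", number):
        raise ValueError("invalid destination number")
    # Ctrl-Z would end the body early and ESC would abort it, so accept
    # printable ASCII only (a simplification of the GSM 7-bit alphabet).
    if not text or len(text) > 160 or not all(" " <= c <= "~" for c in text):
        raise ValueError("invalid message text")
    return [
        b"AT+CMGF=1\r",                                  # select text mode
        b'AT+CMGS="' + number.encode("ascii") + b'"\r',  # modem replies "> "
        text.encode("ascii") + CTRL_Z,                   # body, Ctrl-Z sends
    ]

class DeviceLimiter:
    """Sliding window: at most MAX_PER_MINUTE sends in any 60 seconds."""
    def __init__(self):
        self.sent = deque()

    def try_acquire(self, now):
        while self.sent and now - self.sent[0] >= 60:
            self.sent.popleft()
        if len(self.sent) >= MAX_PER_MINUTE:
            return False
        self.sent.append(now)
        return True

def dispatch(queue, phones, now):
    """Pair queued frame lists with phones that still have send budget.
    `phones` maps a port name (hypothetical, e.g. "COM3") to its limiter."""
    plan = []
    while queue:
        port = next((p for p, lim in phones.items() if lim.try_acquire(now)), None)
        if port is None:
            break  # every phone is at its limit; the rest stay queued
        plan.append((port, queue.popleft()))
    return plan
```

Validating at enqueue time matters once the sender sits behind a web service: the number and text then come from callers, and the modem treats CR, Ctrl-Z and ESC as control input rather than message content.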

I've been hearing a bit about mashups and seen a few products out there. For those who don't know, mashups are built by combining various sources of data and producing a new product from them. They are often web service driven. E.g. Combining Google map data, listed shops combined with pricing and a delivery service to provide a totally new shopping product. OK maybe not the best example but you get the idea. The big thing is that there are products available to enable end users with no programming experience to build these applications using a GUI. The thinking is that it is better to get the end user to develop their own products than getting some developer's interpretations. (Think developing simple spreadsheets in Excel - everybody has one somewhere.) At the moment I think that it is still largely developers that produce, but this is where it's going. There are some interesting products out there E.g. Yahoo Pipes. Now if companies like Yahoo and Google are putting big money to develop products, this is probably where it's going. I just wonder where this leaves the developer? I know there will always be a need for programmers but as this idea takes hold and ease of development improves for an end user, it may redefine a few things - I just wonder what and how much.

I previously mentioned advertising on websites. I checked out Google AdSense since I use many of Google's products including Gmail, iGoogle, Google Calendar, Google Talk, Google Docs etc. Safe to say that they've got my life in their hands. (Scary to think...)

Anyway I digress - I registered and set up ads. The process was honestly more complex than I realised but then again I had a simplistic understanding to start with. It wasn't difficult but it was a bit time consuming because I wanted to understand everything and yes, I did read the entire "Terms & Conditions". Most people (including myself) normally skip over these but in this case I felt it rather important. Once registered and set up, there are tools provided to track the number of page impressions, ad clicks, Page CTR, earnings etc. Payments are made by check posted to your physical address once your earnings reach $100 (US). I think that electronic fund transfers are also available. Once set up, a crawler analyses the content of the website and places a relevant ad. On blogger.com, it is done with a few clicks but if you place an ad on a "manually" developed web page, you would copy and paste a section of HTML code. I'm still waiting for the crawler to analyse the content of this page because until that stage (as I understand) it will continue to display public service ads.

All in all, it wasn't a difficult process, but set aside more than 5 minutes to complete it.

I'm finally finished exams and have got two months of "free" time to complete all the things I've been playing with. I was checking out some security/hacking stuff a few days ago (I suppose your terminology depends on which side you sit). I've been trying to learn a few things on security seeing that I don't want to compromise my system. I came upon a few articles on "Google hacking" which made me realize a few things.

From what I can see, there are two approaches to hacking. The first is what I'd call a shotgun approach - basically you shoot everywhere and hope to hit something. Continuing with the gun analogy, the other approach follows that of a sniper - a sniper identifies a single target and aims for only that. I suppose both approaches serve a hacker's needs depending on what they are looking for. Often, hacking involves identifying a vulnerability and exploiting it. Google comes to the party in the shotgun approach by searching millions of servers for certain strings which could indicate a specific vulnerability or weakness. E.g. Exception messages (stack traces) that are displayed to the end user could be cached by Google and can be looked up at a later stage by someone. These can provide a hacker with lots of information which could be used to break into the system. E.g. If an SQL type exception is thrown and displayed which contains table names and/or columns, it may be used in an SQL injection attack. If a web application passes usernames and passwords directly from the page without some validation, inserting a few characters including comment characters in the password field could result in bypassing authentication totally. So by using only Google, a hacker could easily hack into many web applications. The lesson learned in this? I never realized the dangers in search engines caching exception messages by allowing uncaught exception messages to be displayed to the end user (apart from the poor impression made). The second is an old one - make sure that form fields are checked for invalid characters.

These methods are not new but are highly effective. I managed to access a few servers by searching for admin login pages and trying a few different default usernames and passwords. How stupid can administrators be? Again, a lesson to be learned - make sure that the default user account is off!
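The two lessons from this post, displayed exception messages and login fields passed straight into a query, are shown side by side in the following added example (not code from the original post). It uses an in-memory SQLite database; the table, the account and the sample input are constructed for the demonstration, and the password is stored in plaintext only to keep it short.

```python
import sqlite3

server_log = []  # stand-in for real server-side logging

# Constructed input of the kind the post describes: a quote plus comment
# characters typed into the password field.
CONSTRUCTED_INPUT = "x' OR 1=1 --"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_vulnerable(db, name, password):
    # Vulnerable: input is pasted into the SQL text, so quotes and comment
    # characters in a field change the query itself.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone() is not None

def login_safe(db, name, password):
    # Hardened: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def handle_login(db, login, name, password):
    """Return the text shown to the end user; details go to the log only."""
    try:
        return "welcome" if login(db, name, password) else "login failed"
    except sqlite3.Error as exc:
        server_log.append(repr(exc))  # kept server-side for the operator
        return "login failed"         # no table names or stack trace shown
```

The parameterized query removes the bypass regardless of which characters the form accepts, and the generic error response leaves nothing useful for a search engine to cache.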

Hmmmm. Looking back now, there's been quite a gap between the last post. Not that there were that many though... I just haven't had time to work on this. I haven't been able to decide the nature of my blog and without some sort of guidelines, I suppose this is just a random collection of stuff. Probably not too interesting then. And at the end of the day it would be pretty pointless if there was no interest in it. I've decided to focus on technologies and tech-related news, probably including some of the stuff I'm working on.

To start with I came across a blog called WebKEW by Marshall Brain. His blog mainly concerns making money through advertising. I could definitely do with some extra cash - as could everybody, I'm sure. I doubt that a single simple blog is going to turn me into a millionaire overnight - And to be honest, that's not the reason I'm doing this. But I've been trying to collect some of the projects I've been working on, finish up a few things and publish them. His blog makes for interesting reading for anyone interested in doing a “web business” or anybody with a well-read blog for that matter. Over the next few weeks I plan on setting up a Linux/Tomcat web server and hosting it at home. This will serve as a platform for testing some of my projects and any other server related work. I want to attempt setting up a distributed web server with failover and load balancing. At the moment I'm just trying to bring everything together in one place. I've got a Google pages web site - if that's what you call it? It functions mainly as a hosting place for some of my stuff until I decide what to do with everything.